This article provides information about NAT Traversal (NAT-T) supported scenarios.
This article applies to all Junos versions up to and including 11.4.
Note: In the following scenarios, the SRX is the server and the client is the other peer device.
Supported scenarios: - Client behind the NAT device is trying to establish VPN with a server on the Internet:
Client (Private IP)---NAT-device---INTERNET CLOUD---Server(Public IP address)
- Single/many clients are trying to establish VPN through two outbound NATdevices to the VPN server on the Internet:
code>Client (Private IP)---NAT1-device----NAT2-device----INTERNET CLOUD---Server(Public IP address)
- Multiple clients with the same private IP address and each behind their own NAT device, are trying to establish VPN with a server on the Internet:
Client1 (Private IP)---NAT1-device---INTERNET CLOUD---Server(Public IP address)
Client2 (Private IP)---NAT2-device---INTERNET CLOUD---Server(Public IP address)
Supported scenarios with JUNOS 11.4R1 and later (NAT devices perform a static 1-to-1 NAT from public to private address):
- Client having Public IP addresses are trying to establish VPN with a server behind the NAT device:
Client (Internet IP)---INTERNET CLOUD---NAT-device----Server(Private IP address)
- Client behind a NAT device is trying to establish VPN with a server behind the NAT device:
Client (Private IP)---NAT-device---INTERNET CLOUD---NAT-device----Server(Private IP address
- Gateway to Gateway tunnel over NAT:
Server1 (Private IP)---NAT-device---INTERNET CLOUD---NAT-device----Server2(Private IP address)
This issue is addressed in 11.4R1.